Access-list for MAC addresses

gilson_machado
Level 1

Does anyone have a sample access list to allow a specific MAC address to access the network? In other words, something like: "access-list permit [MAC address]". It is for a simple PC only.

Thanks

4 Replies

Hello,

You could use a 48-bit extended MAC address access list. Here is an example:

access-list 701 permit 000C.E66B.0DE7 0000.0000.0000

To apply the access list to an interface, type:

interface ethernet 0
 access-expression input smac(701)

Which platform are you using? AFAIK, MAC address filtering is not supported on, e.g., the 800 Series routers...

Regards,

GP

Thanks, I am using a Cisco 1721 with IOS 12.2(4). The main goal is to let only a few MAC addresses access network services, or to limit DHCP so that only a few devices get IP addresses. Do you think the sample you sent me will work for this purpose?

Do you know where I can find documentation about that on CCO?

Thanks

Gilson

I don't remember where I read this, but I think MAC-address-based ACLs work only on non-IP traffic (like DLSW).

If the number of PCs is very small, it would be much better to do a hardware-based reservation for each PC's MAC address. Exclude any address beyond the ones that are allocated. This would ensure that nobody else gets an IP address. Also, you might want to do 802.1x-based auth on the switch, so that nobody comes and plugs their PC/laptop into any switchport and starts accessing the network.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
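
The per-MAC DHCP reservation suggested in the reply above, as an added example that is not part of the original thread: a small Python generator that validates a MAC allow-list and renders IOS manual DHCP bindings. It assumes the router is the DHCP server; the pool names, IP addresses and the second MAC are constructed sample values.

```python
import ipaddress
import re

def to_cisco_mac(mac):
    """Normalize aa:bb:cc:dd:ee:ff, aa-bb-... or aabb.ccdd.eeff to IOS dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if int(digits[:2], 16) & 1:  # I/G bit set: multicast/broadcast, never a host
        raise ValueError(f"group address cannot identify a PC: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def client_identifier(cisco_mac):
    """DHCP client-id as many clients send it: type 01 (Ethernet) + MAC."""
    digits = "01" + cisco_mac.replace(".", "")
    return ".".join(digits[i:i + 4] for i in range(0, 14, 4))

def render_bindings(hosts, gateway, mask, use_client_id=True):
    """hosts: (pool_name, mac, ip) tuples. Returns IOS manual-binding lines.

    No pool gets a `network` statement, so nothing is leased dynamically:
    only the listed MAC addresses receive an address.
    """
    lan = ipaddress.IPv4Interface(f"{gateway}/{mask}").network
    reserved = (lan.network_address, lan.broadcast_address)
    seen_macs, seen_ips, lines = set(), set(), []
    for name, mac, ip in hosts:
        cmac, addr = to_cisco_mac(mac), ipaddress.IPv4Address(ip)
        if addr not in lan or addr in reserved or str(addr) == gateway:
            raise ValueError(f"{ip} is not a usable host address in {lan}")
        if cmac in seen_macs or addr in seen_ips:
            raise ValueError(f"duplicate reservation for {name}: {cmac} / {ip}")
        seen_macs.add(cmac)
        seen_ips.add(addr)
        # Clients that send a client-id are matched on it, others on the
        # hardware address (assumption here: one match form per pool).
        match = (f" client-identifier {client_identifier(cmac)}" if use_client_id
                 else f" hardware-address {cmac}")
        lines += [f"ip dhcp pool {name}", f" host {addr} {mask}", match,
                  f" default-router {gateway}", "!"]
    return lines

if __name__ == "__main__":
    # Constructed sample: the MAC from the thread plus made-up names/addresses.
    sample = [("PC1", "000C.E66B.0DE7", "192.168.10.11"),
              ("PC2", "00-0c-e6-6b-0d-e8", "192.168.10.12")]
    print("\n".join(render_bindings(sample, "192.168.10.1", "255.255.255.0")))
```

This only controls which devices get a lease; a PC with a manually configured address is not stopped by it, which is the gap the 802.1x suggestion covers.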

Thanks for the information.

I have the above ACL configured and I will be testing it tomorrow. This is a remote site and I have a hub connected to the router.

I liked the idea of having it restricted in DHCP, so I will be implementing it.

I will give feedback tomorrow about the test.